Despite Android dominating the global smartphone market, attacks such as the Gazon virus that infected thousands of Android devices act as a potent reminder that no company is entirely immune to attack.
With swathes of private corporate data to protect and systems to maintain, it’s not surprising that global research by SOTI (opens in new tab) found that almost 40 per cent of respondents have concerns over the security of Google’s mobile operating system.
Despite this, only 25 per cent of organisations surveyed had implemented a formal mobility management strategy, leaving many enterprises apprehensive about allowing Android devices to connect to corporate assets.
But the importance of enabling mobile technology and enhancing business agility for many businesses means it’s an inescapable platform for work operations. So what happens to enterprises that allow Android in their workplace? And how can businesses make sure they have all the protection they need to stay productive yet remain secure?
Audit Android use in your business
For many businesses BYOD will already be commonplace in their workforce, whether officially or by stealth.
The first step in determining how to manage Android is to better understand your workforce’s needs and where Android has benefits over and above their own business devices. It’s important to work out how many people are using their own devices to access work emails remotely because they don’t have an alternative device or the work solution is less intuitive for everyday use.
The recent example of Hillary Clinton highlights the need to closely evaluate user needs in order to define an effective security framework.
Once you have a clear picture of why and where Android has become a part of your business, it’s time to weigh the current usage against the three Ps of mobile:
By measuring the relative opportunities and risks posed by these consumer devices, you can start to define acceptable use on mobile and determine how it differs from existing policies for other assets, including desktop computing.
Providing a safety net
People are increasingly tech savvy and keen to get the most out of their devices. Popular modifications often involve obtaining privileged control of the operating system to give the user far greater access and control of core parts of devices including low-level hardware access and the ability to access system files.
These processes can often leave the operating system far less secure and potentially open to threats from malicious applications.
The key to addressing this issue educating your staff about the dangers of introducing modified phones to the network before they’re granted access, and enforcing this through a security policy if you’re running an EMM system.
Other popular actions that put your corporate network at risk include downloading and installing applications from third-party app stores on a device. Particularly on Android, this is easily to accomplish and often doesn’t appear to present any kind of risk.
Keep an eye on the apps people use to communicate corporate information and ensure your acceptable use policy governs the way consumer messaging apps are used in your organisation.
When it comes to securing sensitive corporate information, use two-factor authentication for enterprise applications and services that prevent attacks from hacking, malware or other malicious third-party programs.
Keeping private data private
One crucial consideration is whether your policy management allows for you to distinguish between corporate-liable and employee-owned information.
Keeping these two very clearly separated is invaluable when it comes to protecting employee privacy and ensuring company security if a device is lost or stolen. Be sure to have a firm, clear process for when this happens so employees can act immediately to prevent any damage to the business or themselves.
For a more preemptive approach, encourage employees to adopt strong, distinct passwords for all of their applications and consider biometric authentication for access to the most important company data.
It might also be worthwhile running a quick check to confirm device encryption is universally enabled; this feature is not always switched on by default on personal devices. This will go some way towards blocking a hacker.
For protection against more advanced threats, corporate data needs to be saved to a more easily defendable private cloud.
Managing Android effectively depends on carefully capturing the needs and preferences of your people. Planning for the future and keeping abreast of the mobile market, whether it’s operating systems or device manufacturers, will give you a sense of the technologies and capabilities your employees are familiar with and expect to be provided by their employer.
Building out a policy framework for Android and enforcing security with an EMM solution will ensure your organisation can support Android while securing corporate data and protecting employee privacy.
Carl Rodrigues is CEO of SOTI (opens in new tab).